- CrystalX RAT offers advanced remote access and data theft
- Contains prankware features to attract novice hackers
- Promoted via Telegram and YouTube subscription campaigns
Security researchers are warning about a new malware service offered on the dark web that, in addition to advanced and highly disruptive features, also enables various pranks and annoyances.
Cybersecurity researchers at Kaspersky have detailed the CrystalX RAT, a new malware-as-a-service (MaaS) offering similar to the popular WebRAT.
“CrystalX RAT represents a highly functional MaaS platform that is not limited to espionage capabilities—spyware, keylogging, and remote control—but includes unique theft and prankware capabilities,” the researchers explained. “Combined with the growing PR campaign for the CrystalX RAT, it can be concluded that the number of victims may increase significantly in the near future.”
PR campaign
The tool has a broad feature set. For remote access and system control, it enables command execution, arbitrary file download/upload, file system browsing, real-time machine control, and forced system shutdown.
For data theft, it enables keylogging, clipboard jacking, browser data theft and desktop app data theft (Steam, Discord, Telegram).
Finally, for surveillance, it enables video recording through the camera, as well as audio recording through the microphone.
At the same time, it can also be seen as prankware. There are a handful of disruptive features thrown into the mix, such as the ability to change desktop backgrounds, rotate the screen orientation to different angles, display fake notifications, change the cursor position, remap the mouse, and hide desktop icons, the taskbar, Task Manager and the Command Prompt executable.
Finally, it provides a chat window between attacker and victim that allows the attackers to tease, taunt, threaten or demand money from their victims.
The PR campaign Kaspersky mentions is a series of fairly organized campaigns across different channels designed to lure potential buyers, as CrystalX RAT works on a tiered subscription model. Unfortunately, there was no mention of how much a subscription costs. We only know that there are several levels on offer.
The primary channel for promotions and subscriptions is Telegram, the famous instant chat platform. However, the MaaS is also promoted on YouTube via a dedicated marketing channel, which demonstrates its various features and capabilities.
Moreover, Kaspersky argues that the prankware features are also in a sense a PR stunt, as such an offer will most likely stand out in a sea of different malware-as-a-service solutions.
Designed for noobs, targeting Russians
According to Kaspersky, CrystalX RAT is primarily designed for script kiddies and newbie hackers, hence the aggressive social push and prankware features. However, it also has a handful of advanced tools, which mostly appear to be sourced from WebRAT.
These include a detailed user panel, various customization options as well as anti-analysis functions. Some of its standout features include geo-blocking, executable customization, anti-debugging, VM detection and more.
Right now, it’s hard to say how many people fell victim to the CrystalX RAT or how they originally picked it up. It is likely that a social engineering campaign is at play, including things like fake software cracks, non-existent premium services, activators, and the like. The victims are predominantly located in Russia, and according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting dozens of victims.”
“Such a diverse feature set effectively enables a 360-degree compromise of the victim and a complete loss of privacy. In addition to accessing account information, the stolen data can potentially be used for blackmail,” he said. “We expect the number of victims to grow significantly and its geographic spread to expand in the near future.”




